update urllib to fix CVE-2024-37891 (#6700)

2026-01-09 23:12:08 -03:30 · 2024-09-17 12:14:28 -04:00 · 2024-09-17 12:14:28 -04:00 · eb4f3c2864
commit eb4f3c2864
parent bcd18e161c
2 changed files with 3 additions and 1 deletions
--- a/requirements/requirements.in
+++ b/requirements/requirements.in
@ -65,6 +65,7 @@ slack-sdk
 tacacs_plus==1.0  # UPGRADE BLOCKER: auth does not work with later versions
 twilio
 twisted[tls]>=23.10.0  # CVE-2023-46137
+urllib3>=1.26.19 # CVE-2024-37891
 uWSGI
 uwsgitop
 wheel>=0.38.1  # CVE-2022-40898
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@ -545,8 +545,9 @@ typing-extensions==4.9.0
    #   pydantic-core
    #   setuptools-scm
    #   twisted
-urllib3==1.26.18
+urllib3==1.26.20
    # via
+    #   -r /awx_devel/requirements/requirements.in
    #   botocore
    #   kubernetes
    #   requests